| Intent | Example | |--------|---------| | | Malware sets its DLL as InprocServer32 for a CLSID that an application loads at startup. | | COM Hijacking | Override a legit CLSID (e.g., BCDE0395-E52F-467C-8E3D-C4579291692E ) with a malicious DLL. | | Browser injection | IE/Explorer uses certain CLSIDs for toolbars/extensions. | | Legitimate software | Rare – most devs use HKLM or proper installer. |
reg add "HKCU\Software\Classes\CLSID\86ca1aa0-34aa-4e8b-a509-50c905bae2a2\InprocServer32" /f /ve | Intent | Example | |--------|---------| | |